Solutions Security

DocProcess’ commitment to a flawless user experience is backed by extensive security measures, as well as a multi-level back-up process. This page is meant to showcase a few of the steps we’ve taken to make sure your documents and data are perfectly safe and always at hand.

Uptime and Availability

Cloud computing and virtualization technologies are what makes modern software solutions so easy to deploy and integrate. In order to protect this infrastructure, we’ve made sure that:

  • Our software stack is hosted on fully redundant servers, with an active standby HA (High Availability) model
  • DocXchange data storage is replicated in real-time on redundant storage located in the same data center
  • The Data Center Provider hosting our servers guarantees redundancy for power, network, and cooling with a guaranteed availability of 99.5%
  • We’ve implemented an “Automate All Things” policy – our systems guarantee quick redeployment in case of loss of services
  • We have an incident response team constantly monitoring both our solutions and the infrastructure behind them for issues.

Backups and Disaster Recovery

  • An advanced fire detection and extinguishing system is in place, as well as sensors for temperature, humidity and smoke
  • An earthquake protection system for our racks is in place, developed in partnership with Hilti
  • Our equipment is constantly and redundantly powered by two alternative sources
  • Constant support and remote hands are available for our Data Center
  • Our Data Center power is backed by UPS machines and diesel generators, while a temperature of 27 degrees (top of the rack), as stated by ASHRAE standards, is constantly maintained within (using Cold Aisle Containment and similar systems)
  • Backups are performed 3 times a day, guaranteeing that, even in a worst case scenario, business transactions will be interrupted for no more than 8 hours
  • Backups are replicated locally to the main data center (Bucharest) as well as in a different data center (Cluj) for disaster recovery requirements
  • For a disaster that permanently impacts a single physical server, our Disaster Recovery Plan has the following metrics:
    • Compute Server: 4 hours recovery time
    • Storage Server: 4 hours recovery time
  • For data center disasters (one entire data center is completely and permanently down), our Disaster Recovery Plan has the next metrics:
    • A total of 48 hours for
      • Data backup recovery
      • Software stack recovery, including rebuilding the Compute Server configuration
      • Storage Server recovery
      • External access reconfiguration

Data Localization

  • Our engineering teams are located in two different areas/countries, increasing our capacity for continuous monitoring and platform management
  • Our servers allow you to store your documents in a region of your choice, thus fulfilling datal localization requirements
  • For further compliance, data is constantly backed up in data centers from different regions.
  • All documents have a pretedermined storage period, after which automatic deletion is enabled (unless the user chooses otherwise).

Product Security

  • SSL – All connections, internal and external, are SSL based. In fact, our servers have an A rating on the SSLabs analysis website.
  • CVE – We’ve implemented detection in the production chain at build time, guaranteeing an up-to-date software stack with the latest security fixes
  • Safe Servers – We use a secure Linux distribution with up-to-date security patches
  • Secure Data Transmission- We’re using Arcesb EDI technology, as well as secure AS2 transfer protocols.
  • API Protection – Our services can be directly and safely integrated with your ERP or accounting software.
  • Isolation – We’ve implemented a hard shell over all communication layers (data, application, monitoring) and components (Firewall configuration, access audit, and many more) for extra security.
  • Physical Protection – All equipment is stored in protected spaces, with restricted access and permanent surveillance.

User Security

  • VAULT – All platform keys, certificates, passwords are all vault managed, thus making them impossible to replicate
  • Administrators have full visibility into the user base activity
  • Users have a complete and legally usable audit trail, allowing them to see when a document has been modified and how
  • Access management is easy to perform, and user access can be instantly granted or revoked. Identity checks are available
  • User-level documents are sent using secure protocols and backed up in our system.
  • Our security protocols have been certified by an ISO 27001 standard.

Standards, Certifications, and Compliance

Aside from our recent awards and recognition, our company also benefits from a couple of national and international certifications, including:

  • ISO 20022 for electronic data interchange between financial institutions
  • ISO 27001 for information security
  • UBL Ready certification for our document formats
  • Certified PEPPOL access point (for EU cross-border eProcurement)

Our commitment to privacy has been proven by an official GDPR certification.